Glossary
AID (application identifier)
defined by ISO 7816, a string used to uniquely identify card applications and certain types of files in card file systems. An AID consists of two distinct pieces. A 5 byte RID (resource identifier) and a 0 to 11byte PIX (proprietary identifier extension). The RID is a resource identifier assigned to companies by ISO. The PIX identifiers are assigned by companies.
A unique AID is assigned to each CAP file and public packages in a CAP file. In addition, a unique AID is assigned to each applet in the CAP file. The AID for the CAP file, the package AID of every public package in a CAP file, and the default AID for each applet defined in the CAP file are specified. They are supplied to the converter when the CAP file is generated.
API
an acronym for Application Programming Interface. The API defines calling conventions by which an application program accesses the operating system and other services.
applet
within the context of this document, a Java Card applet is the basic unit of selection, context, functionality, and security in the Java Card technology.
applet firewall
the mechanism that prevents unauthorized accesses to objects in contexts other than currently active context.
applet package
a Java programming language package that contains one or more non-abstract classes that extend the javacard.framework.Applet class. See also library package.
assigned logical channel
the logical channel on which the applet instance is either the active applet instance or will become the active applet instance.
atomic operation
an operation that either completes in its entirety or no part of the operation completes at all.
atomicity
state in which a particular operation is atomic. Atomicity of data updates guarantee that data are not corrupted in case of power loss or card removal.
ATR
an acronym for Answer to Reset. An ATR is a string of bytes sent by the Java Card platform after a reset condition.
authentication
the process of establishing or confirming an application or a user as authentic using some sort of credentials.
basic logical channel
logical channel 0, the only channel that is active at card reset in the APDU application environment. This channel is permanent and can never be closed.
big-endian
binary compatibility
in a Java Card system, a change in a Java programming language package in a Java Card CAP file results in a new CAP file. A new CAP file is binary compatible with (equivalently, does not break compatibility with) a preexisting CAP file if another CAP file converted using the export files of the packages included in the preexisting CAP file can link with the new CAP file without errors.
bytecode
machine-independent code generated by the compiler and executed by the Java virtual machine.
CAP file
Standard file format containing a binary representation of a shared library (library CAP file) or an application with its libraries that might be exported or not (applet CAP file).
A CAP file represents a module, which is a unit of code, made of one or more Java packages, with dependencies and list of exported packages and an assigned name (AID) for lifecycle management. Its structure is made of multiple CAP components deployed within a JAR file
When a CAP file containing application(s) is deployed on a Java Card platform, it is assigned a new unique group context that must be associated with any application instance created from code within this application module.
CAP file component
A Java Card platform CAP file consists of a set of components, which represent a set of one or more Java programming language packages. Each component describes a set of elements or an aspect of the CAP file. A complete CAP file must contain all of the required components: Header, Directory, Import, Constant Pool, Method, Static Field, and Reference Location.
The following components are conditionally included or optional: the Applet, Export, Static Resources and Debug. The Applet component is included only if one or more Applets are defined in one or more packages in the CAP file. The Export component is included only if one or more packages are public and exported allowing classes in other packages to import elements from them. The Static Resources component is included only if static resources are embedded in the CAP file. The Debug component is optional. It contains all of the data necessary for debugging.card session
a card session begins when it is powered up or reset. The card is then able to exchange messages with external clients. The card session ends when the card loses power or is reset.
client application
an on-card application that uses services provided by other applications (server applications).
constant pool
the constant pool contains variable-length structures representing various string constants, class names, field names, and other constants referred to within the CAP file and the Export File structure. Each of the constant pool entries, including entry zero, is a variable-length structure whose format is indicated by its first tag byte. There are no ordering constraints on entries in the constant pool. One constant pool is associated with each package.
There are differences between the Java platform constant pool and the Java Card technology-based constant pool. For example, in the Java platform constant pool there is one constant type for method references, while in the Java Card constant pool, there are three constant types for method references. The additional information provided by a constant type in Java Card technologies simplifies resolution of references.
context
protected object space associated with each applet CAP file and Java Card RE. All objects owned by an applet belong to the context associated with the applet's CAP file.
context switch
a change from one currently active context to another. For example, a context switch is caused by an attempt to access an object that belongs to an application instance that resides in a different application group. The result of a context switch is a new currently active context.
converter
a piece of software that preprocesses all of the Java programming language class files contained in a set of packages and converts them into a CAP file. The Converter also produces export files for exported packages.
currently active context
when an object instance method is invoked, an owning context of the object becomes the currently active context.
currently selected applet
the Java Card RE keeps track of the currently selected Java Card applet. Upon receiving a SELECT FILE command with this applet's AID, the Java Card RE makes this applet the currently selected applet. The Java Card RE sends all APDU commands to the currently selected applet.
custom CAP file component
a new component added to the CAP file. The new component must conform to the general component format. It is silently ignored by a Java Card virtual machine that does not recognize the component. The identifiers associated with the new component are recorded in the custom_component item of the CAP file's Directory component.
default applet
an applet that is selected by default on a logical channel in the APDU application environment when it is opened. If an applet is designated the default applet on a particular logical channel in the APDU application environment on the Java Card platform, it becomes the active applet by default when that logical channel is opened using the basic channel.
entry point method
well-defined method of an object owned by an application (respectively the Java Card RE) that can be "legally" invoked by another application or the Java Card RE (respectively an application). SIO methods and other container-managed objects' lifecycle methods are application entry point methods. Java Card RE entry point objects' methods are Java Card RE entry point methods.
export file
a file produced by the Converter tool used during classic applet application development that represents the fields and methods of a package that can be imported by classes in other classic applet applications and classic libraries.
externally visible
in the Java Card platform, any classes, interfaces, their constructors, methods, and fields of an application that can be accessed from another application according to the Java programming language semantics, as defined by the Java Language Specification.
Externally visible items are represented in an export file. For a library package, externally visible items are represented in an export file. For an applet package, only those externally visible items that are part of a shareable interface are represented in an export file.
A Java Card CAP file may restrict the visibility of a package it contains. In this case, these packages are only visible to the other packages inside the CAP file and are not be accessible by packages in other CAP files. No export file is generated for the packages that have their visibility restricted to packages inside the same CAP file.
finalization
the process by which a Java virtual machine (JVM) allows an unreferenced object instance to release non-memory resources (for example, close and open files) prior to reclaiming the object's memory. Finalization is only performed on an object when that object is ready to be garbage collected (meaning, there are no references to the object).
Finalization is not supported by the Java Card virtual machine. The method finalize() is not called automatically by the Java Card virtual machine.
firewall
the mechanism that prevents unauthorized accesses to objects in one application group context from another application group context.
flash memory
a type of persistent mutable memory. It is more efficient in space and power than EPROM. Flash memory can be read bit by bit but can be updated only as a block. Thus, flash memory is typically used for storing additional programs or large chunks of data that are updated as a whole.
framework
the set of classes that implement the API. This includes core and extension packages. Responsibilities include applet selection, sending APDU bytes, and managing atomicity.
garbage collection
the process by which dynamically allocated storage is automatically reclaimed during the execution of a program.
group context
protected object space associated with each CAP file and Java Card RE defining the boundaries of the firewall.
heap
installer
the on-card mechanism to download and install CAP files. The installer receives executable binary from the off-card installation program, writes the binary into the smart card memory, links it with the other classes on the card, and creates and initializes any data structures used internally by the Java Card Runtime Environment.
installation program
the off-card mechanism that employs a card acceptance device (CAD) to transmit the executable binary in a CAP file to the installer running on the card.
instantiation
in object-oriented programming, to produce a particular object from its class template. This involves allocation of a data structure with the types specified by the template, and initialization of instance variables with either default values or those provided by the class's constructor function.
instruction
a statement that indicates an operation for the computer to perform and any data to be used in performing the operation. An instruction can be in machine language or a programming language.
internally visible
code items that are not externally visible. These items are not described in a package's export file and use private tokens to represent internal references. See externally visible
JAR file
an acronym for Java Archive file, which is a file format used for aggregating and compressing many files into one.
Java Card Platform Remote Method Invocation
a subset of the Java Platform Remote Method Invocation (RMI) system optionally supported by the Java Card RE. It provides a mechanism for a client application to invoke a method on a remote object of an applet on the card.
Java Card Runtime Environment (Java Card RE)
consists of the Java Card virtual machine, the application framework, and the associated native methods.
Java Card Virtual Machine (Java Card VM)
a subset of the Java virtual machine, which is designed to be run on smart cards and other resource-constrained devices. The Java Card VM acts an engine that loads Java class files and executes them with a particular set of semantics.
Java Card RE context
the context of the Java Card RE has special system privileges so that it can perform operations that are denied to contexts of applications.
Java Card RE entry point object
an object owned by the Java Card RE context that contains entry point methods. These methods can be invoked from any context and allows applications to request Java Card RE system services. A Java Card RE entry point object can be either temporary or permanent:
temporary - references to temporary Java Card RE entry point objects cannot be stored in class variables, instance variables or array components. The Java Card RE detects and restricts attempts to store references to these objects as part of the firewall functionality to prevent unauthorized reuse. Examples of these objects are APDU objects and the APDU byte array.
permanent - references to permanent Java Card RE entry point objects can be stored and freely reused. Examples of these objects are Java Card RE-owned AID instances.
JDK software
an acronym for Java Development Kit. The JDK software provides the environment required for software development in the Java programming language. The JDK software is available for a variety of operating systems.
library package
a Java programming language package that does not contain any non-abstract classes that extend the class javacard.framework.Applet. See also applet package.
local variable
a data item known within a block, but inaccessible to code outside the block. For example, any variable defined within a method is a local variable and cannot be used outside the method.
logical channel
as seen at the card edge, works as a logical link to an applet application on the card. A logical channel establishes a communications session between a card applet and the terminal. Commands issued on a specific logical channel are forwarded to the active applet on that logical channel. For more information, see the ISO/IEC 7816 Specification, Part 4. (http://www.iso.org).
mask production (masking)
refers to embedding the Java Card virtual machine, runtime environment, and applications in the read-only memory of a smart card during manufacture.
multiselectable applets
implements the javacard.framework.MultiSelectable interface. Multiselectable applets can be selected on multiple logical channels in the APDU application environment at the same time. They can also accept other applets belonging to the same applet application being selected simultaneously.
multiselected applet
an applet instance that is selected and, therefore, active on more than one logical channel in the APDU application environment simultaneously.
native method
CAP file format does not support native methods to prevent from loading untrusted code.
non-volatile memory
memory that is expected to retain its contents between card tear and power up events or across a reset event on the smart card device.
object-oriented
a programming methodology based on the concept of an object, which is a data structure encapsulated with a set of routines, called methods, which operate on the data.
object
in object-oriented programming, unique instance of a data structure defined according to the template provided by its class. Each object has its own values for the variables belonging to its class and can respond to the messages (methods) defined by its class.
origin logical channel
the logical channel in the APDU application environment on which an APDU command is issued.
owning context
the application or Java Card RE context in which an object is instantiated or created.
persistent object
persistent objects and their values persist from one card session to the next, indefinitely. Objects are persistent when referred from another persistent object. Persistent object values are typically updated atomically using transactions. The term persistent does not mean there is an object-oriented database on the card or that objects are serialized and deserialized, just that the objects are not lost when the card loses power.
RAM (random access memory)
temporary working space for storing and modifying data. RAM is non-persistent memory; that is, the information content is not preserved when power is removed from the memory cell. RAM can be accessed an unlimited number of times and none of the restrictions of EEPROM apply.
reference implementation
functional and fully compatible implementation of a given technology. It enables developers to build prototypes of applications based on the technology.
remote interface
an interface of an applet application, which extends, directly or indirectly, the interface java.rmi.Remote.
Each method declaration in the remote interface or its super-interfaces includes the exception java.rmi.RemoteException (or one of its superclasses) in its throws clause.
In a remote method declaration, if a remote object is declared as a return type, it is declared as the remote interface, not the implementation class of that interface.
In addition, Java Card RMI imposes additional constraints on the definition of remote methods of an applet application. See Java Card Platform Runtime Environment Specification, Classic Edition, Version 3.2.
remote object
an object of an applet application whose remote methods can be invoked remotely from the off-card client. A remote object is described by one or more remote interfaces of an applet application.
RMI
an acronym for Remote Method Invocation. RMI is a mechanism for invoking instance methods on objects located on remote virtual machines (meaning, a virtual machine other than that of the invoker).
ROM (read-only memory)
memory used for storing the fixed program of the card. A smart card's ROM contains operating system routines as well as permanent data and user applications. No power is needed to hold data in this kind of memory. ROM cannot be written to after the card is manufactured. Writing a binary image to the ROM is called masking and occurs during the chip manufacturing process.
service
a shareable interface object that a server application uses to provide a set of well-defined functionalities to its clients.
shareable interface
an interface that defines a set of shared methods. These interface methods can be invoked from an application in one context when the object implementing them is owned by an applet in another context.
smart card
a card that stores and processes information through the electronic circuits embedded in silicon in the substrate of its body. Unlike magnetic stripe cards, smart cards carry both processing power and information. They do not require access to remote databases at the time of a transaction.
SPI
an acronym for Service Provider Interface or sometimes for System Programming Interface. The SPI defines calling conventions by which a platform implementer may implement system services.
terminal
is typically a computer in its own right with an interface which connects with a smart card to exchange and process data.
thread
the basic unit of program execution. A process can have several threads running concurrently each performing a different job, such as waiting for events or performing a time consuming job that the program doesn't need to complete before going on. When a thread has finished its job, it is suspended or destroyed.
The Java Card virtual machine can support only a single thread of execution. Java Card technology programs cannot use class Thread or any of the thread-related keywords in the Java programming language.
transaction
an atomic operation in which the developer defines the extent of the operation by indicating in the program code the beginning and end of the transaction.
transient object
the state of transient objects do not persist from one card session to the next, and are reset to a default state at specified intervals. Updates to the values of transient objects are not atomic and are not affected by transactions.
uniform resource identifier (URI)
a compact string of characters used to identify or name an abstract or physical resource. A URI can be further classified as a uniform resource locator (URL), a uniform resource name (URN), or both. See RFC 3986 for more information.
uniform resource locator (URL)
a compact string representation used to locate resources available via network protocols or other protocols. Once the resource represented by a URL has been accessed, various operations may be performed on that resource. See RFC 1738 for more information. A URL is a type of uniform resource identifier (URI).
verification
a process performed on an application or library executable that checks that the binary representation of the application or library is structurally correct and type safe.
volatile memory
memory that is not expected to retain its contents between card tear and power up events or across a reset event on the smart card device.